RHSA-2023:0953: Red Hat Security Advisory: python3.9 security update

An update for python3.9 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-45061: A vulnerability was discovered in Python. A quadratic algorithm exists when processing inputs to the IDNA (RFC 3490) decoder, such that a crafted unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor, which could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied hostname.
Red Hat Security Data

Synopsis

Moderate: python3.9 security update

Type/Severity

Security Advisory: Moderate


Topic

An update for python3.9 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

  • Python: CPU denial of service via inefficient IDNA decoder (CVE-2022-45061)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
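The flaw above is a resource-exhaustion bug in the client, so the practical defence does not depend on the codec at all: a hostname that exceeds the DNS size limits (253 characters in total, 63 per label) can never resolve, and rejecting it before Python's IDNA decoder runs bounds the work an attacker-supplied name can cause on patched and unpatched interpreters alike. The block below is an added example and not code from Red Hat or CPython; the function names, the limits as constants, and the constructed Location header values are my own. It applies the guard to the scenario the CVE entry on this page describes, a 302 redirect whose Location host is chosen by a hostile server.

```python
"""Added example for CVE-2022-45061 (not Red Hat or CPython code): enforce
DNS size limits on an attacker-supplied hostname before Python's IDNA
codec ever sees it."""
from urllib.parse import urlsplit

# RFC 1035 limits: 253 characters for a full name, 63 for any one label.
MAX_HOSTNAME = 253
MAX_LABEL = 63


class HostnameTooLong(ValueError):
    """Raised when a name exceeds the DNS limits, before any IDNA work."""


def safe_idna_decode(raw: bytes) -> str:
    """Decode an ACE ("xn--") hostname to Unicode, refusing over-length input.

    On an unpatched interpreter the IDNA decoder's cost grows quadratically
    with input length; a name that cannot exist in DNS never reaches it here.
    """
    name = raw[:-1] if raw.endswith(b".") else raw  # tolerate FQDN trailing dot
    if len(name) > MAX_HOSTNAME:
        raise HostnameTooLong(f"hostname is {len(name)} bytes, limit {MAX_HOSTNAME}")
    for label in name.split(b"."):
        if len(label) > MAX_LABEL:
            raise HostnameTooLong(f"label is {len(label)} bytes, limit {MAX_LABEL}")
    return raw.decode("idna")


def host_from_location(location: str) -> str:
    """Take the host out of a 302 Location header value and decode it safely.

    A client that follows redirects and then logs, displays or compares the
    decoded host is exactly the victim the CVE text describes.
    """
    host = urlsplit(location).hostname  # lower-cased, port and brackets removed
    if not host:
        raise ValueError("Location header has no host")
    try:
        ascii_host = host.encode("ascii")
    except UnicodeEncodeError as exc:
        raise ValueError("Location host must be ASCII (ACE form)") from exc
    return safe_idna_decode(ascii_host)


def location_is_acceptable(location: str) -> bool:
    """True if the redirect host is well-formed and within DNS limits.

    HostnameTooLong and the codec's own UnicodeError are both ValueErrors,
    so one except clause covers malformed and over-long names.
    """
    try:
        host_from_location(location)
    except ValueError:
        return False
    return True


# Constructed inputs (not from the advisory): a benign ACE name, and a
# redirect whose host is thousands of bytes long, the shape the CVE warns of.
BENIGN_LOCATION = "https://xn--bcher-kva.example/login"
HOSTILE_LOCATION = "https://xn--" + "a" * 5000 + ".example/"

if __name__ == "__main__":
    print(host_from_location(BENIGN_LOCATION))       # bücher.example
    print(location_is_acceptable(HOSTILE_LOCATION))  # False; codec never ran
```

The guard is deliberately stricter than the codec: Python will happily decode a pure-ASCII label longer than 63 characters, but nothing in DNS will ever hand one to a well-behaved client, so refusing it costs nothing and removes the attacker's lever. Keep it in place after patching; it also bounds the work of any other hostname processing (logging, comparison, TLS name matching) that sits behind the decode.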

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 2144072 - CVE-2022-45061 Python: CPU denial of service via inefficient IDNA decoder

Red Hat Enterprise Linux for x86_64 9

SRPM

python3.9-3.9.14-1.el9_1.2.src.rpm

SHA-256: 466a54fd6ecb15a9dfb03c1e78ae439abb1d70de1901907a1f32a0d08ce1ba86

x86_64

python-unversioned-command-3.9.14-1.el9_1.2.noarch.rpm

SHA-256: 618b8f1198c5134a98a21d7672c0a632902a20b6defc978731eaff5b7086a03c

python3-3.9.14-1.el9_1.2.x86_64.rpm

SHA-256: c595cbcea9f6a9f9e6ab66296755ec55ae530c33b311bfd06356924e450cfe10

python3-devel-3.9.14-1.el9_1.2.i686.rpm

SHA-256: c14de00d70e83f8c802dadac93622db0936d6a9a2d298e52e7308502fb081510

python3-devel-3.9.14-1.el9_1.2.x86_64.rpm

SHA-256: 1c94f82cdd9edaeb5945b6bbb1702febc5945970862bb072b4456713a4f40f27

python3-libs-3.9.14-1.el9_1.2.i686.rpm

SHA-256: 851ea6cb52a3cfeb21e5dc910bcb472b730809a1aa70ff93be940bd835015da1

python3-libs-3.9.14-1.el9_1.2.x86_64.rpm

SHA-256: 476b5b2e96ddc5886265abe77b3829fb1abaee3265e97e1c5d5a2c6497081916

python3-tkinter-3.9.14-1.el9_1.2.x86_64.rpm

SHA-256: 890842aa929871a5eab724fdcd3a2ac12e5a1fe756206a82c1f28b53be31b03a

python3.9-debuginfo-3.9.14-1.el9_1.2.i686.rpm

SHA-256: e47694ba863a943d0ba16961f9bada4bb12a47407a5f18c1a49ef38149ab3b73

python3.9-debuginfo-3.9.14-1.el9_1.2.x86_64.rpm

SHA-256: 1febc1b0f1895fdbb3b75f620dc7deba1e97aefc1db2571fafd88e59c56dc10f

python3.9-debugsource-3.9.14-1.el9_1.2.i686.rpm

SHA-256: f5be67ba51aaa1361708c4f0ee8a4e8be5488f789e9c2ef7768efb3c178d6413

python3.9-debugsource-3.9.14-1.el9_1.2.x86_64.rpm

SHA-256: 6579d0fc52846523ae07c0ce4f8194fff6e390a20e7e3507b546d5725a046e94

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

python3.9-3.9.14-1.el9_1.2.src.rpm

SHA-256: 466a54fd6ecb15a9dfb03c1e78ae439abb1d70de1901907a1f32a0d08ce1ba86

s390x

python-unversioned-command-3.9.14-1.el9_1.2.noarch.rpm

SHA-256: 618b8f1198c5134a98a21d7672c0a632902a20b6defc978731eaff5b7086a03c

python3-3.9.14-1.el9_1.2.s390x.rpm

SHA-256: 9e075547875777282975cccd21e852b4e01601216ca6e01bebdf16f30984d08c

python3-devel-3.9.14-1.el9_1.2.s390x.rpm

SHA-256: b016c18ec63e1bc65ff2c8ccf3c9fc4598e9d49a1770baf6f653dc2fd609bdae

python3-libs-3.9.14-1.el9_1.2.s390x.rpm

SHA-256: 7a80949fd3370b70f1dde5700b8275a6c2a08ee5048fa6e787c328851d9ff1b9

python3-tkinter-3.9.14-1.el9_1.2.s390x.rpm

SHA-256: 2d06f4d90eac64cd5c33e33479e8948778eafec88c8c4a8827da46ab40da7800

python3.9-debuginfo-3.9.14-1.el9_1.2.s390x.rpm

SHA-256: 9783c3a46a13e11ff8118cb7494a262a9c83bf65304b1615ba357c1f26a88f5e

python3.9-debugsource-3.9.14-1.el9_1.2.s390x.rpm

SHA-256: 408f96a8e82ee7cb173dc3e3a0d620378a62268bd98b8a46627ca9d5891d9f1a

Red Hat Enterprise Linux for Power, little endian 9

SRPM

python3.9-3.9.14-1.el9_1.2.src.rpm

SHA-256: 466a54fd6ecb15a9dfb03c1e78ae439abb1d70de1901907a1f32a0d08ce1ba86

ppc64le

python-unversioned-command-3.9.14-1.el9_1.2.noarch.rpm

SHA-256: 618b8f1198c5134a98a21d7672c0a632902a20b6defc978731eaff5b7086a03c

python3-3.9.14-1.el9_1.2.ppc64le.rpm

SHA-256: d361c1eb53d9ae5e51324d9bf566cbb88b021df6bb5571073c2d4ce3dcc23caa

python3-devel-3.9.14-1.el9_1.2.ppc64le.rpm

SHA-256: 7d76f5d7c419eaf3947fb208770948f1d0b318dfb9b98c3b84f5db9a02956715

python3-libs-3.9.14-1.el9_1.2.ppc64le.rpm

SHA-256: 04ade49d5f312da3c06fb0bdec2f1188607e2bab0084f965c7883c6d5679ca96

python3-tkinter-3.9.14-1.el9_1.2.ppc64le.rpm

SHA-256: 21d49d05ad76fd4d49e58d95e7da47c2dea3d39593d3c76decd2d3115048b143

python3.9-debuginfo-3.9.14-1.el9_1.2.ppc64le.rpm

SHA-256: c7a34cdfbec7c08a762e7d3a475eea9ad9b56cbe3eae5ab09d55ec40eead9825

python3.9-debugsource-3.9.14-1.el9_1.2.ppc64le.rpm

SHA-256: ae7acaf17b437e0aabe003a3bad5a091687b383fbd8808c6a9c25e7e49bd0d47

Red Hat Enterprise Linux for ARM 64 9

SRPM

python3.9-3.9.14-1.el9_1.2.src.rpm

SHA-256: 466a54fd6ecb15a9dfb03c1e78ae439abb1d70de1901907a1f32a0d08ce1ba86

aarch64

python-unversioned-command-3.9.14-1.el9_1.2.noarch.rpm

SHA-256: 618b8f1198c5134a98a21d7672c0a632902a20b6defc978731eaff5b7086a03c

python3-3.9.14-1.el9_1.2.aarch64.rpm

SHA-256: 1e28e732d7bab46220502df70c9d2d77b52e53cd7ab93d80abdd955cbcc53b95

python3-devel-3.9.14-1.el9_1.2.aarch64.rpm

SHA-256: 336540a5ae5470509a8760b13905af23389504c5866b15885cefff5d90b991d7

python3-libs-3.9.14-1.el9_1.2.aarch64.rpm

SHA-256: 46286026439ee2c155773ec10e95227f9da39333a469206dd88bb5e96cde2a06

python3-tkinter-3.9.14-1.el9_1.2.aarch64.rpm

SHA-256: 5ba22108fc9c7eb62535667ac6d2e38773180aeef2b67d6df075232712d37da4

python3.9-debuginfo-3.9.14-1.el9_1.2.aarch64.rpm

SHA-256: bdf4d0a63b02ecf17010e0ac995a8ccb11ec88783e1735324699c0fe0738d755

python3.9-debugsource-3.9.14-1.el9_1.2.aarch64.rpm

SHA-256: 04d78d77b6c84206a7978dc5e3abcd62bc9cee91726deaf391aefde5ca4a64f8

Red Hat CodeReady Linux Builder for x86_64 9

x86_64

python3-3.9.14-1.el9_1.2.i686.rpm

SHA-256: cd80993ba5726d73d350cc37662dd09e070cd3386b7112cf961f34d484e61210

python3-debug-3.9.14-1.el9_1.2.i686.rpm

SHA-256: 36e0affd006a5804d59f1898b3ac3c8eeee7e263d10ffe07d1fdc12eb58d8445

python3-debug-3.9.14-1.el9_1.2.x86_64.rpm

SHA-256: bfb0f7d301a88b2a5c3132759560dc9394ad9b49599f25c568538886ba0e411a

python3-idle-3.9.14-1.el9_1.2.i686.rpm

SHA-256: 76efe2ab7cc0e561e6e0e0267ad4f55d912740ba9e99fc6582137cf6077e0e6c

python3-idle-3.9.14-1.el9_1.2.x86_64.rpm

SHA-256: 3c13a7f467910e965de0324c6b704f08f7dbd013a87f4d5c062e9de7810e7815

python3-test-3.9.14-1.el9_1.2.i686.rpm

SHA-256: b8417033361cc63fdf283c03040155776d5cb882005b8afffc5a8b0f0bee0008

python3-test-3.9.14-1.el9_1.2.x86_64.rpm

SHA-256: b788bb48ffafd9e60493adfa5d5a09100660ac3d6470ca22d4e62242cb9f458d

python3-tkinter-3.9.14-1.el9_1.2.i686.rpm

SHA-256: ccfb8bce73fad41c971be3856da8091824d879238fd738f769727ad2a827c527

python3.9-debuginfo-3.9.14-1.el9_1.2.i686.rpm

SHA-256: e47694ba863a943d0ba16961f9bada4bb12a47407a5f18c1a49ef38149ab3b73

python3.9-debuginfo-3.9.14-1.el9_1.2.x86_64.rpm

SHA-256: 1febc1b0f1895fdbb3b75f620dc7deba1e97aefc1db2571fafd88e59c56dc10f

python3.9-debugsource-3.9.14-1.el9_1.2.i686.rpm

SHA-256: f5be67ba51aaa1361708c4f0ee8a4e8be5488f789e9c2ef7768efb3c178d6413

python3.9-debugsource-3.9.14-1.el9_1.2.x86_64.rpm

SHA-256: 6579d0fc52846523ae07c0ce4f8194fff6e390a20e7e3507b546d5725a046e94

Red Hat CodeReady Linux Builder for Power, little endian 9

ppc64le

python3-debug-3.9.14-1.el9_1.2.ppc64le.rpm

SHA-256: 2c1acf6a54a65e158cbb98a81bb304a67a927a7dfe159c2c821fe785f7d32c31

python3-idle-3.9.14-1.el9_1.2.ppc64le.rpm

SHA-256: 8e9f9eacb70e2d5790717bcd5823ef086b2b125ce237bf9ff041acf1c31986ac

python3-test-3.9.14-1.el9_1.2.ppc64le.rpm

SHA-256: b39a50d9c5167ebd92c4828eba9269527223ab10d9deadebaf0ce8b4c44a0960

python3.9-debuginfo-3.9.14-1.el9_1.2.ppc64le.rpm

SHA-256: c7a34cdfbec7c08a762e7d3a475eea9ad9b56cbe3eae5ab09d55ec40eead9825

python3.9-debugsource-3.9.14-1.el9_1.2.ppc64le.rpm

SHA-256: ae7acaf17b437e0aabe003a3bad5a091687b383fbd8808c6a9c25e7e49bd0d47

Red Hat CodeReady Linux Builder for ARM 64 9

aarch64

python3-debug-3.9.14-1.el9_1.2.aarch64.rpm

SHA-256: 83571abb26df28ca37c6db3388601795a36e237a0b77cceb34d2c55d7a155204

python3-idle-3.9.14-1.el9_1.2.aarch64.rpm

SHA-256: becd1d8f7b6976048464dfe06c5d33b6ce1e4ea9d970e1aefdd8ee0ac79ea47d

python3-test-3.9.14-1.el9_1.2.aarch64.rpm

SHA-256: 54b30602e7e2b3367889dfadfe7ae245c4dab0ad591b2489ff79a1eebf4ddbf7

python3.9-debuginfo-3.9.14-1.el9_1.2.aarch64.rpm

SHA-256: bdf4d0a63b02ecf17010e0ac995a8ccb11ec88783e1735324699c0fe0738d755

python3.9-debugsource-3.9.14-1.el9_1.2.aarch64.rpm

SHA-256: 04d78d77b6c84206a7978dc5e3abcd62bc9cee91726deaf391aefde5ca4a64f8

Red Hat CodeReady Linux Builder for IBM z Systems 9

s390x

python3-debug-3.9.14-1.el9_1.2.s390x.rpm

SHA-256: da496eaf1d01e71376315e1d60481457397a54f062998b74b24ae42144790bb2

python3-idle-3.9.14-1.el9_1.2.s390x.rpm

SHA-256: ede8df64a185f61fb56efef2f98578b9fb411da79e60c9605480c7b246789de1

python3-test-3.9.14-1.el9_1.2.s390x.rpm

SHA-256: 85210a17d0bfeaab4a36244dbf434a85cc46ef3e60325b1dbe86d0ae2a89cad6

python3.9-debuginfo-3.9.14-1.el9_1.2.s390x.rpm

SHA-256: 9783c3a46a13e11ff8118cb7494a262a9c83bf65304b1615ba357c1f26a88f5e

python3.9-debugsource-3.9.14-1.el9_1.2.s390x.rpm

SHA-256: 408f96a8e82ee7cb173dc3e3a0d620378a62268bd98b8a46627ca9d5891d9f1a
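To confirm that a host actually carries this build, compare the installed package's version-release with the fixed one listed above (3.9.14-1.el9_1.2) rather than the interpreter's reported version. Red Hat backports the fix into 3.9.14, so python3 --version still prints 3.9.14 after the update, and the upstream rule from the CVE entry on this page ("fixed in 3.9.16") would flag a patched RHEL 9 host as vulnerable. The block below is an added example and not Red Hat tooling: rpm_vercmp is a simplified reimplementation of rpm's version comparison (tilde and caret ordering is omitted), the function names are my own, and the rpm -q output lines it checks are constructed samples. It also verifies a downloaded RPM against the SHA-256 the advisory publishes, which is how you check a package pulled from a mirror before installing it.

```python
"""Added example, not Red Hat tooling: decide whether a RHEL 9 host carries
the python3.9 build from RHSA-2023:0953 and verify an RPM's SHA-256."""
import hashlib
import re
import shutil
import subprocess
import sys

# Version-release of the fixed build listed in this advisory.
FIXED_VR = "3.9.14-1.el9_1.2"
# First upstream micro release with the fix, per the CVE entry on this page.
UPSTREAM_FIXED = {(3, 7): 16, (3, 8): 16, (3, 9): 16, (3, 10): 9, (3, 11): 1}

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def rpm_vercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: split into numeric/alpha runs, compare pairwise.

    Numeric runs compare as integers, alpha runs lexically, a numeric run
    outranks an alpha run, and when one string runs out the longer wins.
    Tilde/caret ordering is deliberately not implemented. Returns -1, 0 or 1.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def vr_cmp(vr_a: str, vr_b: str) -> int:
    """Compare 'VERSION-RELEASE' strings (no epoch: python3.9 in RHEL 9 has none)."""
    va, ra = vr_a.split("-", 1)
    vb, rb = vr_b.split("-", 1)
    return rpm_vercmp(va, vb) or rpm_vercmp(ra, rb)


def split_nvra(nvra: str):
    """'python3-libs-3.9.14-1.el9_1.2.x86_64[.rpm]' -> (name, version, release, arch)."""
    if nvra.endswith(".rpm"):
        nvra = nvra[:-4]
    rest, arch = nvra.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    return name, version, release, arch


def installed_is_fixed(rpm_q_line: str) -> bool:
    """Takes one line as printed by `rpm -q python3-libs`."""
    _, version, release, _ = split_nvra(rpm_q_line.strip())
    return vr_cmp(f"{version}-{release}", FIXED_VR) >= 0


def interpreter_reports_upstream_fix(version_info=sys.version_info) -> bool:
    """Upstream-only rule from the CVE entry. Misleading on RHEL: the fixed
    package still reports 3.9.14 because the patch is backported, so prefer
    installed_is_fixed() on Red Hat builds."""
    major, minor, micro = version_info[:3]
    if (major, minor) not in UPSTREAM_FIXED:
        return (major, minor) > (3, 11)  # later series shipped with the fix
    return micro >= UPSTREAM_FIXED[(major, minor)]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Stream the file so a large RPM is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def rpm_matches_advisory(path: str, expected_sha256: str) -> bool:
    """Compare a downloaded RPM against the SHA-256 the advisory lists for it."""
    return sha256_of_file(path) == expected_sha256.strip().lower()


if __name__ == "__main__":
    # Live check; only meaningful on an RPM-based host (multilib prints one
    # line per architecture, so check each).
    if shutil.which("rpm"):
        out = subprocess.run(["rpm", "-q", "python3-libs"],
                             capture_output=True, text=True, check=False)
        if out.returncode == 0:
            for line in out.stdout.splitlines():
                print(line, "fixed" if installed_is_fixed(line) else "VULNERABLE")
    # Constructed sample lines (not from a real host) showing both outcomes.
    for line in ("python3-libs-3.9.14-1.el9_1.1.x86_64",
                 "python3-libs-3.9.14-1.el9_1.2.x86_64"):
        print(line, "fixed" if installed_is_fixed(line) else "VULNERABLE")
```

On the host itself, dnf update --advisory RHSA-2023:0953 pulls exactly this advisory's packages, and dnf updateinfo info RHSA-2023:0953 shows whether it is already applied; the script above is for the case where you are auditing rpm -q output collected from many hosts, or checking an RPM that was downloaded out of band, and want the comparison to be explicit rather than trusting a version string from the interpreter.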

Related news

Ubuntu Security Notice USN-6891-1

Ubuntu Security Notice 6891-1 - It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS. It was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-28864: Chef Infra Server Release Notes

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.

CVE-2023-32463: DSA-2023-200: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.

CVE-2023-32449: DSA-2023-173: Dell PowerStore Family Security Update for Multiple Vulnerabilities

Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user into installing a malicious binary by bypassing the existing cryptographic signature checks.

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

RHSA-2023:2763: Red Hat Security Advisory: python38:3.8 and python38-devel:3.8 security update

An update for the python38:3.8 and python38-devel:3.8 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-10735: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not a...

Red Hat Security Advisory 2023-2104-01

Red Hat Security Advisory 2023-2104-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include a denial of service vulnerability.

RHSA-2023:2083: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.5 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.6.5 General Availability release images, which fix bugs and security updates container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3841: A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauth...

Red Hat Security Advisory 2023-2061-01

Red Hat Security Advisory 2023-2061-01 - Multicluster Engine for Kubernetes 2.1.6 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-2023-01

Red Hat Security Advisory 2023-2023-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

CVE-2023-21954: Oracle Critical Patch Update Advisory - April 2023

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...

RHSA-2023:1816: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.2 Bug Fix and security update

Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.2 on Red Hat Enterprise Linux 8 from Red Hat Container Registry. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While ...

Red Hat Security Advisory 2023-1454-01

Red Hat Security Advisory 2023-1454-01 - An update is now available for Red Hat OpenShift GitOps 1.7. Red Hat Product Security has rated this update as having a security impact of Moderate.

RHSA-2023:1448: Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.3.2 security update

Red Hat OpenShift Service Mesh Containers for 2.3.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server t...

RHSA-2023:1428: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2022-24999: A flaw was found in the express.js npm package. Express.js Express is vulnerable to a d...

Red Hat Security Advisory 2023-0931-01

Red Hat Security Advisory 2023-0931-01 - Update information for Logging Subsystem 5.4.12 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

Red Hat Security Advisory 2023-0932-01

Red Hat Security Advisory 2023-0932-01 - Update information for Logging Subsystem 5.6.3 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

Red Hat Security Advisory 2023-1170-01

Red Hat Security Advisory 2023-1170-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

Red Hat Security Advisory 2023-0930-01

Red Hat Security Advisory 2023-0930-01 - Update information for Logging Subsystem 5.5.8 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

RHSA-2023:0931: Red Hat Security Advisory: Logging Subsystem 5.4.12 - Red Hat OpenShift

Logging Subsystem 5.4.12 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to alloc...

RHSA-2023:0930: Red Hat Security Advisory: Logging Subsystem 5.5.8 - Red Hat OpenShift

Logging Subsystem 5.5.8 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24999: qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because a __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&...

RHSA-2023:1170: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.1 security bug fix update

Red Hat OpenShift Data Foundation 4.12.1 Bug Fix Update. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4238: A flaw was found in goutils where randomly generated alphanumeric strings contain significantly less entropy than expected. Both the `RandomAlphaNumeric` and `CryptoRandomAlphaNumeric` functions always return strings containing at least one digit from 0 to 9. This issue significantly reduces the amount of entropy generated in short strings by these functions.

RHSA-2023:0932: Red Hat Security Advisory: Logging Subsystem 5.6.3 - Red Hat OpenShift

Logging Subsystem 5.6.3 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24999: qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because a __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&...

Ubuntu Security Notice USN-5888-1

Ubuntu Security Notice 5888-1 - It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Hamza Avvan discovered that Python incorrectly handled certain inputs. If a user or an automated system were tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute arbitrary code.

Red Hat Security Advisory 2023-0833-01

Red Hat Security Advisory 2023-0833-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include denial of service, information leakage, and open redirection vulnerabilities.

RHSA-2023:0833: Red Hat Security Advisory: python3 security update

An update for python3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-10735: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this v...

CVE-2023-0036: en/security-disclosure/2023/2023-01.md · OpenHarmony/security - Gitee.com

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.

Ubuntu Security Notice USN-5767-2

Ubuntu Security Notice 5767-2 - USN-5767-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information, cause a denial of service, or cause a crash.

Ubuntu Security Notice USN-5767-1

Ubuntu Security Notice 5767-1 - Nicky Mouha discovered that Python incorrectly handled certain SHA-3 internals. An attacker could possibly use this issue to cause a crash or execute arbitrary code. It was discovered that Python incorrectly handled certain IDNA inputs. An attacker could possibly use this issue to expose sensitive information, cause a denial of service, or cause a crash.

CVE-2022-45061: Slow IDNA decoding with large strings [CVE-2022-45061] · Issue #98433 · python/cpython

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.